Common Weakness Enumeration

CWE-1176

Allowed-with-Review

Inefficient CPU Computation

Abstraction: Class · Status: Incomplete

The product performs CPU computations using algorithms that are not as efficient as they could be for the needs of the developer, i.e., the computations can be optimized further.

3 vulnerabilities reference this CWE, most recent first.

CVE-2024-23323 (GCVE-0-2024-23323)

Vulnerability from cvelistv5 – Published: 2024-02-09 22:50 – Updated: 2024-08-01 22:59
VLAI
Title
Excessive CPU usage when URI template matcher is configured using regex in Envoy
Summary
Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-400 - Uncontrolled Resource Consumption
  • CWE-1176 - Inefficient CPU Computation
Assigner
References
Impacted products
Vendor Product Version
envoyproxy envoy Affected: >= 1.29.0, < 1.29.1
Affected: >= 1.28.0, < 1.28.1
Affected: >= 1.27.0, < 1.27.3
Affected: < 1.26.7
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23323",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-12T16:42:03.639531Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:20:51.446Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:32.269Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch"
          },
          {
            "name": "https://github.com/envoyproxy/envoy/commit/71eeee8f0f0132f39e402b0ee23b361ee2f4e645",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/envoyproxy/envoy/commit/71eeee8f0f0132f39e402b0ee23b361ee2f4e645"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "envoy",
          "vendor": "envoyproxy",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.29.0, \u003c 1.29.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.28.0, \u003c 1.28.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.27.0, \u003c 1.27.3"
            },
            {
              "status": "affected",
              "version": "\u003c 1.26.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1176",
              "description": "CWE-1176: Inefficient CPU Computation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-09T22:50:18.938Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch"
        },
        {
          "name": "https://github.com/envoyproxy/envoy/commit/71eeee8f0f0132f39e402b0ee23b361ee2f4e645",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/envoyproxy/envoy/commit/71eeee8f0f0132f39e402b0ee23b361ee2f4e645"
        }
      ],
      "source": {
        "advisory": "GHSA-x278-4w4x-r7ch",
        "discovery": "UNKNOWN"
      },
      "title": "Excessive CPU usage when URI template matcher is configured using regex in Envoy"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-23323",
    "datePublished": "2024-02-09T22:50:18.938Z",
    "dateReserved": "2024-01-15T15:19:19.439Z",
    "dateUpdated": "2024-08-01T22:59:32.269Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-92VJ-HP7M-GWCJ

Vulnerability from github – Published: 2026-05-29 20:02 – Updated: 2026-05-29 20:02
VLAI
Summary
Nerdbank.MessagePack has Inefficient CPU Computation
Details

Impact

Applications that call OptionalConverters.WithExpandoObjectConverter and deserialize untrusted data are open to a vulnerability by which an attacker can exploit a O(n²) algorithm to burn an inordinate amount of CPU effort by adding a great many properties to an ExpandoObject, whose Add method is implemented as an O(n) algorithm.

Patches

Update to a patched version.

If a project's ExpandoObject data requires more than 128 properties, the default limit should be changed:

this.Serializer = this.Serializer with
{
    StartingContext = this.Serializer.StartingContext with
    {
        Security = this.Serializer.StartingContext.Security with
        {
            ExpandoObjectMaxPropertyCount = 256, // Set this to whatever limit is required by your application
        },
    },
};

Workarounds

Avoid the non-default WithExpandoObjectConverter extension method when deserializing untrusted data. If deserializing untrusted data into an ExpandoObject is required, developers should write a custom converter for their project that limits the number of properties allowed before initializing the object.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Nerdbank.MessagePack"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-1176"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-29T20:02:59Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nApplications that call `OptionalConverters.WithExpandoObjectConverter` and deserialize untrusted data are open to a vulnerability by which an attacker can exploit a `O(n\u00b2)` algorithm to burn an inordinate amount of CPU effort by adding a great many properties to an `ExpandoObject`, whose `Add` method is implemented as an `O(n)` algorithm.\n\n### Patches\n\nUpdate to a patched version.\n\nIf a project\u0027s `ExpandoObject` data requires more than 128 properties, the default limit should be changed:\n\n```cs\nthis.Serializer = this.Serializer with\n{\n\tStartingContext = this.Serializer.StartingContext with\n\t{\n\t\tSecurity = this.Serializer.StartingContext.Security with\n\t\t{\n\t\t\tExpandoObjectMaxPropertyCount = 256, // Set this to whatever limit is required by your application\n\t\t},\n\t},\n};\n```\n\n### Workarounds\n\nAvoid the non-default `WithExpandoObjectConverter` extension method when deserializing untrusted data.\nIf deserializing untrusted data into an `ExpandoObject` is required, developers should write a custom converter for their project that limits the number of properties allowed before initializing the object.",
  "id": "GHSA-92vj-hp7m-gwcj",
  "modified": "2026-05-29T20:02:59Z",
  "published": "2026-05-29T20:02:59Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/AArnott/Nerdbank.MessagePack/security/advisories/GHSA-92vj-hp7m-gwcj"
    },
    {
      "type": "WEB",
      "url": "https://github.com/AArnott/Nerdbank.MessagePack/commit/c5a239e4f20c38548de44c4dd2a782efd5e2547c"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/AArnott/Nerdbank.MessagePack"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Nerdbank.MessagePack has Inefficient CPU Computation"
}

GHSA-H36M-9QJR-PV93

Vulnerability from github – Published: 2025-09-25 15:30 – Updated: 2025-09-25 21:30
VLAI
Details

PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-46153"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1176"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-25T15:16:12Z",
    "severity": "MODERATE"
  },
  "details": "PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True.",
  "id": "GHSA-h36m-9qjr-pv93",
  "modified": "2025-09-25T21:30:25Z",
  "published": "2025-09-25T15:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46153"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pytorch/pytorch/issues/142853"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pytorch/pytorch/pull/143460"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/shaoyuyoung/4bcefba4004f8271e64b5185c95a248a"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/shaoyuyoung/e636f2e7a306105b7e96809e2b85c28a"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pytorch/pytorch/compare/v2.6.0...v2.7.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.